1 files changed, 32 insertions, 0 deletions

diff --git a/libre/kdelibs-libre/security-fix.patch b/libre/kdelibs-libre/security-fix.patch
new file mode 100644
index 000000000..3d98a47ae
--- /dev/null
+++ b/libre/kdelibs-libre/security-fix.patch
@@ -0,0 +1,32 @@
+commit 65d736dab592bced4410ccfa4699de89f78c96ca
+Author: Grégory Oestreicher <greg@kamago.net>
+Date:   Wed May 8 23:16:00 2013 +0200
+
+    Don't show passwords contained in HTTP URLs in error messages
+    BUG: 319428
+
+diff --git a/kioslave/http/http.cpp b/kioslave/http/http.cpp
+index 2d139a9..129fc7b 100644
+--- a/kioslave/http/http.cpp
++++ b/kioslave/http/http.cpp
+@@ -3056,7 +3056,7 @@ try_again:
+             ; // Ignore error
+         } else {
+             if (!sendErrorPageNotification()) {
+-                error(ERR_INTERNAL_SERVER, m_request.url.url());
++                error(ERR_INTERNAL_SERVER, m_request.url.prettyUrl());
+                 return false;
+             }
+         }
+@@ -3072,9 +3072,9 @@ try_again:
+         // Tell that we will only get an error page here.
+         if (!sendErrorPageNotification()) {
+             if (m_request.responseCode == 403)
+-                error(ERR_ACCESS_DENIED, m_request.url.url());
++                error(ERR_ACCESS_DENIED, m_request.url.prettyUrl());
+             else
+-                error(ERR_DOES_NOT_EXIST, m_request.url.url());
++                error(ERR_DOES_NOT_EXIST, m_request.url.prettyUrl());
+             return false;
+         }
+     } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {